Control, don't isolate, GovNet
The GovNet request for information specifically states that there will be no interconnections or gateways to the Internet or other public or private networks and that GovNet will provide private intranet data connectivity within the contiguous 48 United States ["Clarke seeks immune intranet," FCW.com, Oct. 11].
The intent is to keep GovNet clear of the risks that come with Internet connectivity. But the purpose of any network is to connect two or more hosts so they can exchange information, and the fundamental problem is that many of the critical unclassified applications the government depends on will reside outside the purview of GovNet and of traditional government organizations.
The first instinct during a time of crisis is to build walls. This instinct may be appropriate, depending on how critical the information resources are. However, this isolationist approach for sensitive but unclassified data will ultimately only inhibit the federal government from partnering with industry in support of mission-critical functions. Additionally, migration of mission-critical applications and business processes from the "as is" to the "to be" computing environment will take significant time.
By leveraging a "defense in depth" strategy and draconian control mechanisms, GovNet could enforce stringent access controls at its interconnections with other community-of-interest domains (e.g., the Internet or the Secret Internet Protocol Router Network). These access controls can be similar to those imposed between SIPRNET and the Non-Classified Internet Protocol Router Network within the Defense Department. This type of interconnectivity may represent an acceptable risk proposition that results in a significant return on capability.
In this manner, GovNet becomes the eventual foundation that federal government organizations build on for their traditional daily information technology services. The centrally controlled GovNet allows federal agencies that possess mature, security-centric business processes and culture to migrate faster to the "to be" environment while maintaining their ability to interact with other agencies that are taking longer to effect meaningful change.
Interconnectivity between GovNet and the Internet can be limited and tightly controlled by network operations security centers. Specific limitations can be placed on the ports and protocols permitted to transit the Internet gateways. Standard policies could block items such as mobile code and e-mail attachments. The specific policies and the level of acceptable risk would be set by the security division of the Office of Homeland Security.
This approach also supports the creation of a secure electronic commerce environment through the establishment of a GovNet demilitarized zone. This DMZ could facilitate various portal-based technologies designed to support secure interaction between the federal government and those entities that officials wish to conduct business with on the Internet. Once again, these gateways are tightly controlled and provide only specific security-centric access to GovNet from the untrusted network domains.
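The gateway controls described in the two preceding paragraphs, a default-deny port-and-protocol policy between the Internet, a GovNet DMZ and GovNet itself, plus a mail gateway that drops attachments, are illustrated by the following added example. It is not from the FCW article or from any GovNet design document; the zone names, the rules, the port numbers and the sample message are all assumptions constructed for illustration.

```python
"""
Added example, not part of the FCW commentary: a toy evaluator for a
default-deny gateway policy between three zones (Internet, GovNet DMZ, GovNet)
and an e-mail attachment strip of the kind a GovNet mail gateway could apply.
All zone names, rules, ports and the sample message are assumptions.
"""
from dataclasses import dataclass
from email import message_from_string, policy as email_policy
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str       # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (self.src_zone == f.src_zone and self.dst_zone == f.dst_zone
                and self.proto == f.proto
                and self.dst_port in (None, f.dst_port))


# Hypothetical policy. First match wins; anything unmatched is denied.
# Note that the Internet can reach only the DMZ, and the DMZ can reach only
# one back-end port on GovNet: there is no direct Internet-to-GovNet path.
GATEWAY_POLICY = [
    Rule("internet", "dmz", "tcp", 443, "allow"),     # public portal front end
    Rule("dmz", "govnet", "tcp", 8443, "allow"),      # portal to its back end only
    Rule("govnet", "internet", "tcp", 443, "allow"),  # outbound HTTPS from GovNet
    Rule("govnet", "internet", "tcp", 25, "allow"),   # outbound mail via the gateway
]


def evaluate(flow: Flow, rules=GATEWAY_POLICY) -> str:
    """Return 'allow' or 'deny' for a flow; no matching rule means deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"


def strip_attachments(raw_message: str) -> Tuple[str, List[str]]:
    """Parse a MIME message; return the plain-text body and the names of the
    attachment parts a 'no attachments' gateway policy would drop."""
    msg = message_from_string(raw_message, policy=email_policy.default)
    dropped = [part.get_filename() or "<unnamed>" for part in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return text, dropped


# Constructed sample message (not real traffic) with one executable attachment.
SAMPLE_MAIL = """\
From: vendor@example.com
To: analyst@agency.example
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

if __name__ == "__main__":
    for f in (Flow("internet", "govnet", "tcp", 443),
              Flow("internet", "dmz", "tcp", 443),
              Flow("dmz", "govnet", "tcp", 22)):
        print(f, "->", evaluate(f))
    print(strip_attachments(SAMPLE_MAIL))
```

The point of the rule ordering is that the untrusted domains never get a rule whose destination is GovNet itself; the DMZ is the only zone with a GovNet-bound allow, and only for a single service port. A real gateway would also inspect the allowed flows (for example, rejecting mobile code carried over the permitted HTTPS path), which this toy does not attempt.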